Information Security

Home Loan Home Loan

IDBI Bank, We guard.
We protect. We secure.

Simple safeguards can help you to protect your accounts and
save you from losing your hard earned money.

Overview

IDBI Bank has been in the forefront in leveraging Information Technology (IT) to extend better service / products to the customers and other stakeholders, it recognizes the need for effective IT risk management. Apart from Information Security aspects, IDBI Bank's IT risk mitigation strategy includes aspects of compliance & privacy also. IDBI Bank has put in place an Information Security Policy (ISP) to ensure that information is protected from unauthorized access and confidentiality & integrity of the information are maintained along with timely availability of IT resources to legitimate users. A high-level Information Security Steering Committee (ISSC) of IDBI Bank ensures that provisions are in place for continued protection of IT resources of IDBI Bank. Apart from conducting regular information security awareness programs for the employees, IDBI Bank also communicates with the customers on various Information Security precautions through E-Mail / Mail / SMS.

IDBI Bank’s IT infrastructure and systems have been implemented within a robust information security framework. The centralized Data Center of IDBI Bank has been accredited with ISO 27001. ‘Defense in depth’ is achieved by multi-level information security implementations such as Firewalls, Gateway filters, De-militarized zone (DMZ), etc. Access to the information of IDBI Bank is on ‘need to know’ basis and internal controls & processes are in place to achieve the same. A dedicated team monitors the information security infrastructure of IDBI Bank on a 24X7 basis.

Phishing

The phishing email may also direct you to a spoofed website or pop-up window, which looks exactly like the real site. Phishing is an increasingly common type of scam in which personal data such as credit card numbers and online banking passwords are stolen for fraudulent use.

The fraudster sends "spoofed" emails that appear to come from a legitimate website that you have online dealings with such as a bank, credit card company or an ISP - any site which requires users to have a personal identity or account. The email may ask you to reply with your account details in order to "update security" or for some other reason.

site’s login page, but has been set up for the sole purpose of stealing personal information. Unsuspecting people are then often fooled into handing over credit card numbers, passwords or other personal details.

If you are using Internet banking or any other online account, you should be aware of these attacks and how to protect against them.

At IDBI, we would never ask for your personal details through an email. Nor would we ask for your password through any means, online or offline. If any of our bank personnel asks you for your password, do not disclose it and report him or her immediately to us.

Changing passwords often helps in protecting your account even if inadvertently you may have disclosed it to someone.

PCs at cyber cafes may be infested with viruses and Trojans that can capture and transmit your personal data to fraudsters. The easiest way to grab information is key logging softwares. Beware of typing passwords on unknown PCs.

Some phishing emails or other spam may contain software that can record information on your internet activities (spyware) or open a 'backdoor' to allow hackers access to your computer (Trojans). Installing anti-virus software and keeping it up to date will help detect and disable malicious software, while using anti-spam software will stop phishing emails from reaching you. It is also important, particularly for users with a broadband connection, to install a firewall. This will help keep the information on your computer secure while blocking communication from unwanted sources. Make sure you keep up to date and download the latest security patches for your browser. If you don't have any patches installed, visit your browser's website, for example users of Internet Explorer should go to the Microsoft website.

Before submitting your bank details or other sensitive information there are a couple of checks you can do to help ensure the site uses encryption to protect your personal data: If the address bar is visible, the URL should start with ‘https://’ (‘s’ for secured) rather that the usual ‘http://’.

If the address bar is not visible as in our Internet Banking website, look for a lock icon on the browser's status bar. You can check the level of encryption, expressed in bits, by hovering over the icon with your cursor.

Phishing

Note that the fact that the website is using encryption doesn't necessarily mean that the website is legitimate. It only tells you that data is being sent in encrypted form.

If you are in any doubt, click on the lock icon at the bottom of the secured page. This opens up a new window, displaying the SSL certificate information. Ensure that there is no red cross mark preceding the title ‘Certificate Information’. It should also be ‘Issues to: www.idbibank.co.in. You can get more information by clicking on the other tabs in the certificate window. Following the above steps would help you in protect yourself. However, please remember, fraudsters are always trying to stay a step ahead. To ensure that you remain protected at all times.

  • Never let anyone know your PINS or passwords, do not write them down.

  • Do not use the same password for all your online accounts.

  • Avoid opening or replying to spam emails as this will give the sender confirmation they have reached a live address.

Above all, use common sense when reading emails. If something seems implausible or too good to be true, then it probably is.

Please remember to always use the facility of the Virtual KeyPad, provided on the login page while logging on to your account from an unknown PC or from a cyber café.

Precautionary Measures

  • Never let anyone know your PINs or passwords, do not write them down.
  • Do not use the same password for all your online accounts.
  • Avoid opening or replying to spam emails, even if purportedly sent by the Bank.
  • In case of suspicion, report the matter immediately to us on our toll free 24 hour customer care numbers or email us at icare@idbibank.com.
  • Look for the padlock symbol on the bottom bar of the browser to ensure that the site is running in secure mode.
  • Disable the "Auto Complete" function on your browser to prevent your browser from remembering Passwords.
  • Always logout to terminate your session, instead of closing the browser directly.
  • Always type the address of the bank website in the address bar of your browser or access it from your stored list of favourites.
  • Do not access the bank website through a link in an email or through another website.
  • Using special characters like # $ @ etc. in your password is highly recommended.

Caution

If you receive an e-mail claiming to be from IDBI Bank Ltd. regarding updating sensitive account information or asking for verifying your identity or login to your account for instant activation etc. by clicking on a link provided within the email, DO NOT act on the mail and delete such mails from your mailbox. Please also let us know by forwarding the e-mail to icare@idbibank.com or call on our toll free Phone Banking numbers.

Frauds / Cybercrimes through Investment / Part Time Job / Ponzi Scheme Scams

Safe digital banking starts with you. Transact safely

  • Never share your account details such as account number, login ID, password, PIN, UPI-PIN, OTP, ATM / Debit card / credit card details with anyone, not even with bank officials, however genuine they might sound.
  • Any phone call / email threatening the blocking of your account on the pretext of non-updation of KYC and suggestion to click link for updating the same is a common modus operandi of fraudsters. Do not respond to offers for getting KYC updated / expedited. Always access the official website of the bank or contact the branch.
  • Do not download any unknown app on your phone / device. The app may access your confidential data secretly.
  • Transactions involving receipt of money do not require scanning barcodes / QR codes or entering MPIN. Thus, exercise caution if asked to do so.
  • Always access the official website of bank provider for contact details. Contact numbers on internet search engines may be fraudulent.
  • Check URLs and domain names received in emails / SMSs for spelling errors. Use only verified, secured, and trusted websites / apps for online banking, that is, websites starting with ‘’https’’. In case of suspicion, notify local police / cybercrime branch immediately.
  • If you receive an OTP for debiting your account for a transaction not initiated by you, inform your bank / e-wallet provider immediately. If you receive a debit SMS for a transaction not done, inform your bank / e-wallet provider immediately and block all modes of debit, including UPI. If you suspect any fraudulent activity in your account, check for any addition to the beneficiary list enabled for internet / mobile banking.
  • Do not share the password of your email linked to your bank / e-wallet account. Do not have common passwords for e-commerce / social media sites and your bank account / email linked to your bank account. Avoid banking through public, open or free networks.
  • Do not set your email password as the word “password” while registering in any website / application with your email as user-id. The password used for accessing your email, especially if linked with your account, should be unique and used only for email access and not for accessing any other website / application.
  • Do not be misled by advices intimating deposit of money on your behalf with any organization for foreign remittances, receipt of commission, or wins of lottery.
  • Regularly check your email and phone messages for alerts from your financial service provider. Report any un-authorized transaction observed to bank immediately for blocking the card / account / wallet, so as to prevent any further losses.
  • Secure your cards and set daily limit for transactions. You may also set limits and activate / deactivate for domestic / international use. This can limit loss due to fraud.
  • Do not fall prey to part-time job offers, earn online and other advertisements on Internet and/or messaging platform etc. and are promised high commissions or high return ponzi schemes such as doubling of money in short span of time.
  • Do not click suspicious investment link over chat.
  • Limit management through Internet or Mobile Banking app
  • Do not share or give control of your web or mobile screen to others.